<html>
    <head>
      <base href="https://bugs.freedesktop.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Talos Principle Vulkan version crash: spirv_to_nir() returns NULL entry_point"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=104246">104246</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Talos Principle Vulkan version crash: spirv_to_nir() returns NULL entry_point
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>Mesa
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>git
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Other
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Drivers/DRI/i965
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>intel-3d-bugs@lists.freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>eero.t.tamminen@intel.com
          </td>
        </tr>

        <tr>
          <th>QA Contact</th>
          <td>intel-3d-bugs@lists.freedesktop.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Setup:
- KBL GT3e
- Ubuntu 16.04
- Mesa git version
- Latest version of Talos Principle downloaded from Steam
- Steam game launch options set to use Vulkan: "%command% +gfxStrAPI VLK"
- Talos Gfx options set to high GPU speed

Test-case:
- Start Talos Principle

Expected outcome:
- Talos starts, as it does with Mesa commit "mesa-17.3.0"

Actual outcome:
- Talos Principle segfaults before showing anything

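The crash is a NULL pointer dereference during SPIR-V -> NIR fragment shader
compilation: spirv_to_nir() returns NULL, and anv_shader_compile_to_nir()
dereferences the result (entry_point->shader) without checking it: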
---------------------------------------------------------
Thread 1 "Talos" received signal SIGSEGV, Segmentation fault.
anv_shader_compile_to_nir (pipeline=0x5142730, pipeline=0x5142730,
spec_info=0x0, stage=MESA_SHADER_FRAGMENT, entrypoint_name=0x7fffffff90d0 "", 
    module=0x3c69600, mem_ctx=0x37a8170) at
../../../src/intel/vulkan/anv_pipeline.c:153
153        nir_shader *nir = entry_point->shader;
(gdb) bt
#0  anv_shader_compile_to_nir (pipeline=0x5142730, pipeline=0x5142730,
spec_info=0x0, stage=MESA_SHADER_FRAGMENT, entrypoint_name=0x7fffffff90d0 "", 
    module=0x3c69600, mem_ctx=0x37a8170) at
../../../src/intel/vulkan/anv_pipeline.c:153
#1  anv_pipeline_compile (pipeline=pipeline@entry=0x5142730,
mem_ctx=mem_ctx@entry=0x37a8170, module=module@entry=0x3c69600, 
    entrypoint=entrypoint@entry=0x237b915 "main",
stage=stage@entry=MESA_SHADER_FRAGMENT, spec_info=spec_info@entry=0x0,
prog_data=0x7fffffff90d0, 
    map=0x7fffffff8ff0) at ../../../src/intel/vulkan/anv_pipeline.c:395
#2  0x00007fffe6056162 in anv_pipeline_compile_fs
(pipeline=pipeline@entry=0x5142730, cache=cache@entry=0x3923c20,
info=info@entry=0x7fffecabf8f0, 
    module=module@entry=0x3c69600, entrypoint=0x237b915 "main", spec_info=0x0)
at ../../../src/intel/vulkan/anv_pipeline.c:871
#3  0x00007fffe605793e in anv_pipeline_init (pipeline=pipeline@entry=0x5142730,
device=device@entry=0x3c059c0, cache=cache@entry=0x3923c20, 
    pCreateInfo=pCreateInfo@entry=0x7fffecabf8f0, alloc=0x3c059c8,
alloc@entry=0x0) at ../../../src/intel/vulkan/anv_pipeline.c:1347
#4  0x00007fffe61f28cf in gen9_graphics_pipeline_create
(pPipeline=0x7fffffffcd80, pAllocator=0x0, pCreateInfo=0x7fffecabf8f0,
cache=0x3923c20, 
    _device=0x3c059c0) at ../../../src/intel/vulkan/genX_pipeline.c:1661
#5  gen9_CreateGraphicsPipelines (_device=0x3c059c0, pipelineCache=0x3923c20,
count=1, pCreateInfos=<optimized out>, pAllocator=0x0,
pPipelines=0x7fffffffcd80)
    at ../../../src/intel/vulkan/genX_pipeline.c:1864

(gdb) list anv_shader_compile_to_nir
...
149        nir_function *entry_point =
150           spirv_to_nir(spirv, module->size / 4,
151                        spec_entries, num_spec_entries,
152                        stage, entrypoint_name, &spirv_options,
nir_options);
153        nir_shader *nir = entry_point->shader;

(gdb) disassemble
Dump of assembler code for function anv_pipeline_compile:
...
   0x00007fffe6055a50 <+256>:   callq  0x7fffe63fa130 <spirv_to_nir>
=> 0x00007fffe6055a55 <+261>:   mov    0x18(%rax),%rbx
   0x00007fffe6055a59 <+265>:   mov    0x20(%rsp),%rdi

(gdb) info registers rax rbx
rax            0x0      0
rbx            0x0      0
---------------------------------------------------------


In case it matters, here are variable values & struct contents:
---------------------------------------------------------
(gdb) info locals
device = <optimized out>
spec_entries = 0x0
spirv_options = {lower_workgroup_access_to_offsets = true, caps = {float64 =
true, image_ms_array = false, tessellation = true, draw_parameters = true, 
    image_read_without_format = false, image_write_without_format = true, int64
= true, multiview = true, variable_pointers = true, storage_16bit = true}, 
  debug = {func = 0x0, private_data = 0x0}}
entry_point = <optimized out>
nir = <optimized out>
compiler = 0x39d2330
nir_options = 0x7fffe644afc0 <scalar_nir_options>
spirv = 0x3c69618
num_spec_entries = 0

(gdb) print *module
$7 = {sha1 = "Y%cewe\242\022\065\064\225\t\354ͥ\222\222A\333 ", size = 1664,
data = 0x3c69618 "\003\002#\a"}

(gdb) print *nir_options
$1 = {lower_fdiv = true, lower_ffma = false, fuse_ffma = false, lower_flrp32 =
false, lower_flrp64 = true, lower_fpow = false, lower_fsat = false, 
  lower_fsqrt = false, lower_fmod32 = true, lower_fmod64 = false,
lower_bitfield_extract = true, lower_bitfield_insert = true, lower_uadd_carry =
true, 
  lower_usub_borrow = true, lower_negate = false, lower_sub = true, lower_scmp
= true, lower_idiv = false, fdot_replicates = false, lower_ffract = false, 
  lower_pack_half_2x16 = true, lower_pack_unorm_2x16 = true,
lower_pack_snorm_2x16 = true, lower_pack_unorm_4x8 = true, lower_pack_snorm_4x8
= true, 
  lower_unpack_half_2x16 = true, lower_unpack_unorm_2x16 = true,
lower_unpack_snorm_2x16 = true, lower_unpack_unorm_4x8 = true,
lower_unpack_snorm_4x8 = true, 
  lower_extract_byte = false, lower_extract_word = false, native_integers =
true, vertex_id_zero_based = true, lower_cs_local_index_from_id = false, 
  use_interpolated_input_intrinsics = true, max_unroll_iterations = 32}
---------------------------------------------------------


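I got the debug output above by prefixing the Steam launch options with:
  gdbserver 127.0.0.1:1234

and then attaching from gdb in another terminal:
  (gdb) target remote :1234

(gdbserver's remote protocol has no authentication, and some gdbserver versions
ignore the host part of host:port and listen on all interfaces, so make sure
the port is not reachable from other machines while debugging.)</pre>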
        </div>
      </p>


    </body>
</html>